Posts Tagged: targeted

Twitter was targeted by a coordinated trolling campaign following Musk takeover

Following Elon Musk’s takeover, Twitter was the target of a coordinated trolling campaign, according to Yoel Roth, the company’s head of safety and security. In a thread spotted by The Guardian, Roth said late Saturday that Twitter was working to stop an “organized effort” by trolls to make people think the company had weakened its content guidelines. “Bottom line up front: Twitter’s policies haven’t changed. Hateful conduct has no place here,” Roth said, adding the company had seen a “small number of accounts” post “a ton” of tweets that included derogatory language.

In one instance, Roth says the company saw just 300 accounts post more than 50,000 tweets using the same slur. “We’ve taken action to ban the users involved in this trolling campaign – and are going to continue working to address this in the days to come to make Twitter safe and welcoming for everyone,” he wrote.

The news of a coordinated trolling campaign comes after a handful of research groups found evidence of bad actors trying to test the limits of Twitter. On Friday, the Network Contagion Research Institute tracked a 500 percent increase in usage of the n-word. The nonprofit linked the increase to posts on sites like 4chan, where users were encouraging each other to post hateful content.

On Friday, Musk said Twitter would not make any major moderation decisions until the company had the chance to form a council with “widely diverse viewpoints.” Before taking control of the company, Musk had said he wanted to do away with permanent bans, noting he would “err on the side of, if in doubt, let the speech exist.” More recently, he floated the idea of allowing users to split off into different sections of the platform where they could add content ratings to their tweets.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Bored Ape and other major NFT Discord servers targeted by scammers

The Discord servers of popular NFT projects, including the Bored Ape Yacht Club, were targeted by scammers in the early hours of April Fools'. Some users reported losing money to the bad actors who hacked the projects' bots to post fake offers with links to their phishing websites, Motherboard reports. One of the phishing posts by a compromised Bored Ape bot read: "Oh no, our dogs are mutating. MAKC can be staked for our $ APE token. Holders of MAYC + BAYC will be able to claim exclusive rewards just by simply minting and holding our mutant dogs."

If a user clicks on the link in the post, they're taken to a website where they're tricked into minting a fake NFT in exchange for Ethereum. Other versions trick victims into sending the scammers NFTs by making them think their collectible was going to be wrapped. Two wallet addresses were tied to the hacks, one of which sold a stolen Mutant Ape Yacht Club NFT and then sent the other 19.85 ETH, or around $ 69,000 based on current exchange rates. The recipient wallet reportedly sent 61 ETH ($ 213,000) to a mixing service, which can obscure the origin and trail of potentially identifiable crypto coins. 

It's unclear how many people fell victim to the scams, but the projects' administrators quickly caught on and posted a warning to their fans. Bored Ape asked users not to mint anything from its Discord and clarified that it wasn't doing "any April Fools stealth mints." Nyoki Cub posted a similar warning and admitted that its "server was also compromised… due to a recent large-scale hack." It said it was able to take control of the situation within 30 minutes.

NFTs are making their way into mainstream popularity, with big-name celebs such as Justin Bieber and Madonna putting the spotlight on the digital collectibles. Schemes such as these are bound to become more as long as people keep pouring money into non-fungible tokens. 

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Crypto scammers stole $500K from wallets using targeted Google Ads

Scammers used a new type of phishing campaign, which doesn't use emails, to steal around $ 500,000 worth of cryptocurrency from wallets this past weekend alone. According to Check Point Research, those bad actors purchased Google Ads placements for their fraudulent websites that imitate popular wallets, such as Phantom App and MetaMask. The malicious websites have URLs close to the original's, such as "phantonn.app" — the real service's URL is "phantom.app" — with designs also copied from the real deal. 

Check Point Research
Check Point Research

The scammers will then steal the victim's passphrase if they visit the fake website and type it in. If the victim uses the fake website to create a new wallet, they will be given the attacker's secret recovery phrase. In the event that they use the recovery phrase to log in, they'll actually be logging into the bad actor's account, and any fund transferred to it will go to the scammer. For MetaMask, in particular, the fake website has the option to import an existing wallet. Since doing so requires a seed phrase, the scammers will also get access to it. 

As Check Point Research explains, the Phantom App and MetaMask are some of the most popular wallets for Solana and Ethereum. It cross-referenced Reddit forums to come to the conclusion that around half a million dollars were stolen last weekend alone, and it found 11 compromised wallet accounts containing crypto worth between $ 1,000 and $ 10,000. The scammers had already withdrawn funds from those wallets before CPR found them. 

CPR says scamming groups are now bidding on keywords on Google Ads, which is a testament to how effective the method is. It's now advising users to examine the wallet's URL closely and to skip Google Ads results altogether so as not to unknowingly fall for the scam.

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Hackers targeted BMW, Hyundai in hunt for trade secrets

Two of the world's larger car makers were the victims of a sophisticated (but still not very successful) hacking campaign. Bayerricscher Rundfunk has learned that intruders from the hacking group OceanLotus slipped into the networks of BMW and Hyund…
Engadget RSS Feed